outliner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and saves user-provided materials such as "文章、推文等" (articles, tweets) into posts/... and then calls an analysis skill to read and analyze them (see "当用户提供素材（文章、推文等）... 保存到 posts/.../ source-1.md" and "必须调用文章分析技能进行深度分析"), so it ingests untrusted third-party/user-generated content that the agent will interpret.